Abstract: A system having scalable sockets to support User Datagram Protocol (UDP) connections identifies a plurality of UDP connections, wherein a plurality of remote clients connect to corresponding ones of the plurality of UDP connections. Each one of a plurality of UDP sockets is associated with a corresponding one of the plurality of UDP connections. A network stack lookup for UDP packets in network traffic is performed using a network stack to identify the UDP socket corresponding to the remote client associated with each of the UDP packet. The UDP packets are buffered with a send buffer and a receive buffer for the UDP socket corresponding to the remote client associated with the UDP packets as determined by the network stack lookup to support communication over the plurality of UDP connections using the plurality of UDP sockets. The system thereby operates more efficiently and/or is more scalable.

Abstract: A system having scalable sockets to support User Datagram Protocol (UDP) connections identifies a plurality of UDP connections, wherein a plurality of remote clients connect to corresponding ones of the plurality of UDP connections. Each one of a plurality of UDP sockets is associated with a corresponding one of the plurality of UDP connections. A network stack lookup for UDP packets in network traffic is performed using a network stack to identify the UDP socket corresponding to the remote client associated with each of the UDP packet. The UDP packets are buffered with a send buffer and a receive buffer for the UDP socket corresponding to the remote client associated with the UDP packets as determined by the network stack lookup to support communication over the plurality of UDP connections using the plurality of UDP sockets. The system thereby operates more efficiently and/or is more scalable.

Abstract: Described herein is a system and method of connectivity migration of an executing virtual application and/or guest operating system. State associated with a first instance of an application and/or a guest operating system executing on a first virtual machine is captured. Information regarding connectivity state associated with a plurality of running connections between the first virtual machine and client device(s) is also captured (e.g., layers 2, 3 and 4). The captured state information can be provided to a second virtual machine which utilizes the captured station information to establish state for a second instance of the application, a second instance of the guest operating system, and/or connectivity of the plurality of running connections between the second virtual machine and client device(s). The state of the second instance of the application can be synchronized with the state of the second instance of the guest operating system.

Abstract: A system having scalable sockets to support User Datagram Protocol (UDP) connections identifies a plurality of UDP connections, wherein a plurality of remote clients connect to corresponding ones of the plurality of UDP connections. Each one of a plurality of UDP sockets is associated with a corresponding one of the plurality of UDP connections. A network stack lookup for UDP packets in network traffic is performed using a network stack to identify the UDP socket corresponding to the remote client associated with each of the UDP packet. The UDP packets are buffered with a send buffer and a receive buffer for the UDP socket corresponding to the remote client associated with the UDP packets as determined by the network stack lookup to support communication over the plurality of UDP connections using the plurality of UDP sockets. The system thereby operates more efficiently and/or is more scalable.

Abstract: A system for batched User Datagram Protocol (UDP) processing, on a send operation, combines multiple UDP packets into a plurality of packet batches to indicate on a plurality of sockets based at least in part on a packet batch size. Each packet batch is to be indicated to a corresponding one of the plurality of sockets to convey the plurality of packet batches to a network stack. One call is performed for each indicated socket of the plurality of sockets based on the packet batch size to convey each packet batch to the network stack. The network stack performs a single look up operation and a single network security inspection operation once per packet batch. In response to performing the one call, the plurality of packet batches are then sent to a network adapter or an application. The system thereby operates more efficiently and/or is more scalable.

Abstract: Described herein is a system and method of connectivity migration of an executing virtual application and/or guest operating system. State associated with a first instance of an application and/or a guest operating system executing on a first virtual machine is captured. Information regarding connectivity state associated with a plurality of running connections between the first virtual machine and client device(s) is also captured (e.g., layers 2, 3 and 4). The captured state information can be provided to a second virtual machine which utilizes the captured station information to establish state for a second instance of the application, a second instance of the guest operating system, and/or connectivity of the plurality of running connections between the second virtual machine and client device(s). The state of the second instance of the application can be synchronized with the state of the second instance of the guest operating system.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: Described herein is a system and method of connectivity migration of an executing virtual application and/or guest operating system. State associated with a first instance of an application and/or a guest operating system executing on a first virtual machine is captured. Information regarding connectivity state associated with a plurality of running connections between the first virtual machine and client device(s) is also captured (e.g., layers 2, 3 and 4). The captured state information can be provided to a second virtual machine which utilizes the captured station information to establish state for a second instance of the application, a second instance of the guest operating system, and/or connectivity of the plurality of running connections between the second virtual machine and client device(s). The state of the second instance of the application can be synchronized with the state of the second instance of the guest operating system.

Abstract: A system for hardware offloading programs a network interface card with a mapping between (i) a connection identification (CID) for one or more Quick User Datagram Protocol Internet Connections (QUIC) data packets and (ii) a symmetric key and a crypto algorithm. When one or more data packets are received over a network, the one or more data packets are parsed to identify the one or more data packets as QUIC data packets and then obtain the CID for the QUIC data packets. The CID is sent to the network interface card that identifies the symmetric key and the crypto algorithm based on the CID to perform a crypto decrypt operation on the QUIC data packets, and reassembles the QUIC data packets, and an encrypt and large send offload (LSO) on transmit. A software control complexity and processing burden is thereby reduced.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Abstract: A system having scalable sockets to support User Datagram Protocol (UDP) connections identifies a plurality of UDP connections, wherein a plurality of remote clients connect to corresponding ones of the plurality of UDP connections. Each one of a plurality of UDP sockets is associated with a corresponding one of the plurality of UDP connections. A network stack lookup for UDP packets in network traffic is performed using a network stack to identify the UDP socket corresponding to the remote client associated with each of the UDP packet. The UDP packets are buffered with a send buffer and a receive buffer for the UDP socket corresponding to the remote client associated with the UDP packets as determined by the network stack lookup to support communication over the plurality of UDP connections using the plurality of UDP sockets. The system thereby operates more efficiently and/or is more scalable.

Abstract: A system for batched User Datagram Protocol (UDP) processing, on a send operation, combines multiple UDP packets into a plurality of packet batches to indicate on a plurality of sockets based at least in part on a packet batch size. Each packet batch is to be indicated to a corresponding one of the plurality of sockets to convey the plurality of packet batches to a network stack. One call is performed for each indicated socket of the plurality of sockets based on the packet batch size to convey each packet batch to the network stack. The network stack performs a single look up operation and a single network security inspection operation once per packet batch. In response to performing the one call, the plurality of packet batches are then sent to a network adapter or an application. The system thereby operates more efficiently and/or is more scalable.

Abstract: A system for hardware offloading programs a network interface card with a mapping between (i) a connection identification (CID) for one or more Quick User Datagram Protocol Internet Connections (QUIC) data packets and (ii) a symmetric key and a crypto algorithm. When one or more data packets are received over a network, the one or more data packets are parsed to identify the one or more data packets as QUIC data packets and then obtain the CID for the QUIC data packets. The CID is sent to the network interface card that identifies the symmetric key and the crypto algorithm based on the CID to perform a crypto decrypt operation on the QUIC data packets, and reassembles the QUIC data packets, and an encrypt and large send offload (LSO) on transmit. A software control complexity and processing burden is thereby reduced.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: The technologies disclosed herein provide improvements to the Low Extra Delay Background Transport (LEDBAT) protocol. Some aspects of the present disclosure introduce an adaptive congestion window gain for background connections. In some configurations, a gain value for influencing the transmission rate of a background connection is dynamically adjusted based on data indicating a round trip time (RTT). The RTT includes a sum of a time in which the data is communicated to a remote device and a time in which acknowledgement is data returned from the remote device. In some configurations, the gain is decreased when the RTT is below a threshold and the gain is increased when the RTT is above the threshold. Among other features, the present disclosure also provides techniques involving a modified slow-start, multiplicative decrease and periodic slowdowns. The features disclosed herein mitigate some existing issues, such as latency drift, inter-LEDBAT fairness, and unnecessary slowdowns.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: A computer system enforces network security policy by pre-classifying network traffic. Unidimensional pre-classifier filters analyze network traffic to populate a pre-classifier bit array. Rather than having filter explosion with the creation of multidimensional filters, the pre-classifier bit array is used by other layers and/or filters to enforce network security policy. Further, reclassification of network traffic due to network security changes is streamlined due to the inclusion of pre-classifier layers and the pre-classifier bit array.

Abstract: Examples of the disclosure dynamically scale receive window auto-tuning. Tuning data is obtained, including the number of bytes in a receive buffer and the distribution of receive packets over time. Aspects of the disclosure use this tuning data to determine rates at which one or more applications on the receiving computer are consuming data and adjust or maintain the receive buffer accordingly in a dynamic manner to scale a receive window to current conditions.

Abstract: Present disclosure provides techniques for dynamically determining how to store and expire non-TCP traffic in a network environment. In some examples, aspects of the present disclosure may implement a state machine operated by the server for managing non-TCP traffic. Critically, in accordance with aspects of the present disclosure, non-TCP traffic may be combined with the use of multiple memory partitions and an expiry algorithm that supports dynamic scaling of non-TCP traffic while achieving faster connection speed, higher system performance, and lower time complexity.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.